source: x/lib/qtwebengine.xml@ 4f0d19b

lazarus trunk
Last change on this file since 4f0d19b was 6ab9228f, checked in by Ken Moffat <zarniwhoop@…>, 2 months ago

Add a Warning about qtwebengine vulnerabilities.

Addresses =19551

  • Property mode set to 100644
File size: 17.0 KB
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY qtwebengine-download-http "https://download.qt.io/official_releases/qt/&qtwebengine-major;/&qtwebengine-version;/submodules/qtwebengine-everywhere-src-&qtwebengine-version;.tar.xz">
  <!ENTITY qtwebengine-download-ftp " ">
  <!ENTITY qtwebengine-md5sum "d2a509bd4dc6bbf1272217292546cfce">
  <!ENTITY qtwebengine-size "525 MB">
  <!ENTITY qtwebengine-buildsize "8.5 GB (319 MB installed)">
  <!ENTITY qtwebengine-time "60 SBU (Using parallelism=8)">
]>

<sect1 id="qtwebengine" xreflabel="qtwebengine-&qtwebengine-version;">
  <?dbhtml filename="qtwebengine.html"?>

  <title>QtWebEngine-&qtwebengine-version;</title>

  <indexterm zone="qtwebengine">
    <primary sortas="a-qtwebengine">qtwebengine</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to QtWebEngine</title>

    <para>
      <application>QtWebEngine</application> integrates
      <application>chromium</application>'s web capabilities into Qt. It
      ships with its own copy of ninja which it uses for the build if it cannot
      find a system copy, and various copies of libraries from ffmpeg, icu,
      libvpx, and zlib (including libminizip) which have been forked by the
      <application>chromium</application> developers.
    </para>

    <para>
      This package and browsers using it may be useful if you need to use a
      website designed for google chrome, or chromium, browsers.
    </para>

    <warning>
      <para>
        QtWebEngine uses a forked copy of chromium, and is therefore vulnerable
        to many issues found there. The Qt developers seem to fork a newer
        version for minor Qt versions, but because chromium moves to newer
        versions very often, by the time the Qt developers get a forked version
        to pass their extended tests it is always an old version and security
        fixes from chromium (some of which have a CVE number) can take several
        months to appear in a QtWebEngine release, even if the severity has been
        rated as Critical.
      </para>

      <para>
        Therefore, you should be wary of using QtWebEngine in a sensitive
        context and should always update to the next release as soon as it
        appears in this book, even if it is not flagged as a Security Update.
        Identifying which vulnerabilities have been fixed in a particular
        release requires pulling the appropriate 'based-NNN' branch just before
        the previous and current releases and is often impractical. Reports of
        fixed QTBUG items do not seem to be available and there is not any
        documentation in the tarball for changes after the qt-5 versions.
      </para>
    </warning>

    &lfs121_checked;

    <warning>
      <para>
        By default, ninja will use all online CPUs +2 (if at least 4 exist),
        even if they are not available to the current task because the build
        terminal has been restricted with 'taskset'. In BLFS, this package
        takes more time to build than any other. In one example,
        the build of this package crashed at about the 90 percent point
        due to an out of memory problem on a system with 24 cores and 32 GB
        of memory.
      </para>

      <para>
        To work around this, see the Command Explanations below.
      </para>
    </warning>
<!--
    <note>
      <para>
        If you are upgrading and have installed a newer version of <xref
        linkend='icu'/> since you last installed <xref linkend='qt5'/>, you
        will need to reinstall Qt5 before upgrading, otherwise the final link
        of this package will fail with a warning that the version of icu
        libraries needed by libQt5Core.so may conflict with the version
        used for this package.
      </para>

      <para>
        Unusually, the shipped GN build system (used to create the Ninja files)
        requires a static <filename class="libraryfile">libstdc++.a</filename>
        although the installed libraries correctly use the shared version. If
        that static library is not present, the build will fail quite quickly.
        Please note that if you try to build webengine as part of
        <application>Qt</application> and the static library is not available,
        that build will either complete without installing webengine, or else
        fail during the install (both variants were observed in 5.12.0).
      </para>
    </note>
-->
    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&qtwebengine-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&qtwebengine-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &qtwebengine-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &qtwebengine-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &qtwebengine-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &qtwebengine-time;
        </para>
      </listitem>
    </itemizedlist>

<!--
    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Required patch:
          <!\-\- keep links for releases and git versions as a reminder
               that the tarball names differ
          <ulink url="&patch-root;/qtwebengine-everywhere-src-&qtwebengine-version;-ICU68-2.patch"/> \-\->

          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-5.15.7-1.patch"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Required patch:
          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-2.patch"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Required patch:
          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-ffmpeg5_fixes-1.patch"/>
        </para>
      </listitem>

      <listitem>
        <para>
          Required patch:
          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-icu_73-1.patch"/>
        </para>
      </listitem>
    </itemizedlist>
-->

    <bridgehead renderas="sect3">qtwebengine Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>

    <para role="required">
      <xref linkend="html5lib"/>,
      <xref linkend="nodejs"/>,
      <xref linkend="nss"/>,
      <xref linkend="pciutils"/>, and
      <xref linkend='qt6'/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <note>
      <para>
        If these packages are not installed, the build process will compile and
        install its own (perhaps older) version, with the side effect of
        increasing build and installed disk space and build time.
      </para>
    </note>

    <para role="recommended">
      either <xref linkend="alsa-lib"/> or
      <xref linkend="pulseaudio"/> (or both),
      <xref linkend="ffmpeg"/>,
      <xref linkend="icu"/>,
      <xref linkend="libwebp"/>,
      <xref linkend="libxslt"/>, and
      <xref linkend="opus"/>
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="libevent"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="pipewire"/>,
      <xref linkend="poppler"/>,
      <ulink url="https://github.com/open-source-parsers/jsoncpp/releases">jsoncpp</ulink>,
      <ulink url="https://github.com/cisco/libsrtp/releases">libsrtp</ulink>,
      <ulink url="https://google.github.io/snappy/">snappy</ulink>
    </para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of qtwebengine</title>
    <para>
      Install <application>qtwebengine</application> by running the following
      commands:
    </para>

<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;

cmake -D CMAKE_MESSAGE_LOG_LEVEL=STATUS \
      -D QT_FEATURE_webengine_system_ffmpeg=ON \
      -D QT_FEATURE_webengine_system_icu=ON \
      -D QT_FEATURE_webengine_system_libevent=ON \
      -D QT_FEATURE_webengine_proprietary_codecs=ON \
      -D QT_FEATURE_webengine_webrtc_pipewire=ON \
      -D QT_BUILD_EXAMPLES_BY_DEFAULT=OFF \
      -G Ninja .. &amp;&amp;

ninja</userinput></screen>

    <para>
      This package does not come with a test suite.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>ninja install</userinput></screen>

    <!-- EDITORS NOTE: If you are updating this package, use INSTALL_ROOT=
         instead of DESTDIR= Not sure this is valid any more with version 6.6.2 -->
  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <parameter>CMAKE_MESSAGE_LOG_LEVEL=STATUS</parameter>: Output
      interesting messages that project users might be interested in.
      Ideally these should be concise, no more than a single line,
      but still informative.
    </para>

    <para>
      <parameter>QT_FEATURE_webengine_system_*</parameter>: Specify what
      external packages the system should use.
    </para>

    <para>
      <parameter>QT_BUILD_EXAMPLES_BY_DEFAULT=OFF</parameter>: Do not build
      examples by default.
    </para>

    <para>
      <option>NINJAJOBS=4 make</option>: If you patched system ninja in LFS to
      recognize the NINJAJOBS environment variable, this command will run system
      ninja with the specified number of jobs (i.e. 4).
      There are several reasons why you might want to use options like this:
    </para>

    <itemizedlist>
      <listitem>
        <para>
          Building on a subset of CPUs allows measuring the build time
          for a smaller number of processors, and/or running other
          CPU-intensive tasks at the same time. For an editor on a machine
          with a lot of CPUs, trying to measure the build time for a 4-CPU
          machine, <option>NINJAJOBS=4 make</option> will give a reasonable
          approximation (there is a short period where N+2 python and node
          jobs run).
        </para>
      </listitem>
      <listitem>
        <para>
          On a machine with only 4 CPUs online, the default of scheduling
          N+2 jobs for qtwebengine is slower by between 3% and 7%, probably
          because of the size of the C++ files and their many includes and
          templates. Therefore, if in doubt set NINJAJOBS to the number of CPUs.
        </para>
      </listitem>
      <listitem>
        <para>
          Reducing the number of cores being used on long running, CPU
          intensive packages may alleviate heat problems.
        </para>
      </listitem>
      <listitem>
        <para>
          Reducing the number of cores will prevent potential out-of-memory
          problems on systems that do not have enough memory (or swap)
          when all cores are active. A suggested approach is to limit
          the number of cores to about one core for each 1.5 GB of
          combined RAM and swap space.
        </para>
      </listitem>
    </itemizedlist>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring QtWebEngine</title>

    <sect3 id="qtwebengine-config">
      <title>Configuration Information</title>

      <para>
        If you are upgrading from an older minor version of this
        application, for some webpages to load you may need to
        clear the <emphasis>browser</emphasis> caches, e.g. for
        <application>falkon</application> they will be found in
        <filename class="directory">~/.cache/falkon/</filename>.
        You will need to do this if the browser starts to render
        the page and then changes to a blank tab with a message
        that something went wrong, and a button to Retry. Even
        after removing the old caches, you may need to retry a
        few times for each affected tab.
      </para>

      <para>
        If a browser using this package fails to run and, when run
        from a terminal, reports 'Trace/breakpoint trap', that is
        probably a kernel configuration issue. There is no need
        to rebuild QtWebEngine: see the next section, recompile
        the kernel and reboot to the new kernel.
      </para>

    </sect3>

  </sect2>

  <sect2 role="kernel" id="qtwebengine-kernel">
    <title>Kernel Configuration</title>

    <para>
      This package does not require any of the optional kernel namespace items,
      but if User namespace is enabled <phrase revision="systemd">(as happens
      in some unit files, for hardening)</phrase> PID namespace must also be
      enabled. In that case enable the following options in the kernel
      configuration and recompile the kernel if necessary:
    </para>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
      href="qtwebengine-kernel.xml"/>

    <indexterm zone="qtwebengine qtwebengine-kernel">
      <primary sortas="d-qtwebengine">qtwebengine</primary>
    </indexterm>
  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          qtwebengine_convert_dict and
          QtWebEngineProcess (both in $QT6DIR/libexec)
        </seg>
        <seg>
          libQt6Pdf.so,
          libQt6PdfQuick.so,
          libQt6PdfWidgets.so,
          libQt6WebEngineCore.so,
          libQt6WebEngineQuick.so,
          libQt6WebEngineQuickDelegatesQml.so, and
          libQt6WebEngineWidgets.so
        </seg>
        <seg>
          $QT6DIR/include/QtPdf,
          $QT6DIR/include/QtPdfQuick,
          $QT6DIR/include/QtPdfWidgets,
          $QT6DIR/include/QtWebEngineCore,
          $QT6DIR/include/QtWebEngineQuick,
          $QT6DIR/include/QtWebEngineWidgets,
          $QT6DIR/qml/QtWebEngine, and
          $QT6DIR/translations/qtwebengine_locales
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="qtwebengine_convert_dict">
        <term><command>qtwebengine_convert_dict</command></term>
        <listitem>
          <para>
            converts hunspell dictionaries (<literal>.dic</literal>) to chromium
            format (<literal>.bdic</literal>)
          </para>
          <indexterm zone="qtwebengine qtwebengine_convert_dict">
            <primary sortas="b-qtwebengine_convert_dict">qtwebengine_convert_dict</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="QtWebEngineProcess">
        <term><command>QtWebEngineProcess</command></term>
        <listitem>
          <para>
            is a libexec program which runs a zygote process (one that listens
            for spawn requests from a master process and will fork itself in
            response)
          </para>
          <indexterm zone="qtwebengine QtWebEngineProcess">
            <primary sortas="b-QtWebEngineProcess">QtWebEngineProcess</primary>
          </indexterm>
        </listitem>
      </varlistentry>
<!--
      <varlistentry id="libQtWebEngine-lib">
        <term><filename class="libraryfile">libQtWebEngine.so</filename></term>
        <listitem>
          <para>
            provides QML types for rendering web content within a QML application
          </para>
          <indexterm zone="qtwebengine libQtWebEngine-lib">
            <primary sortas="c-libQtWebEngine">libQtWebEngine.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libQtWebEngineCore">
        <term><filename class="libraryfile">libQtWebEngineCore.so</filename></term>
        <listitem>
          <para>
            provides public API shared by both QtWebEngine and QtWebEngineWidgets
          </para>
          <indexterm zone="qtwebengine libQtWebEngineCore">
            <primary sortas="c-libQtWebEngineCore">libQtWebEngineCore.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libQtWebEngineWidgets">
        <term><filename class="libraryfile">libQtWebEngineWidgets.so</filename></term>
        <listitem>
          <para>
            provides a web browser engine as well as C++ classes to render and
            interact with web content
          </para>
          <indexterm zone="qtwebengine libQtWebEngineWidgets">
            <primary sortas="c-libQtWebEngineWidgets">libQtWebEngineWidgets.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>
-->
    </variablelist>
  </sect2>

</sect1>
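
The sizing rule from the Command Explanations in the file above (about one core for each 1.5 GB of combined RAM and swap), worked as a shell function. This is an added example, not part of the BLFS source; the function name `ninja_jobs_for` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn the rule "about one core per 1.5 GB of combined RAM
# and swap" into a ninja job count. Not part of the BLFS file.

# ninja_jobs_for CPUS  (reads /proc/meminfo-style text on stdin)
# Prints min(CPUS, floor((MemTotal + SwapTotal) / 1.5 GB)), never below 1.
ninja_jobs_for() {
    cpus=$1
    # MemTotal and SwapTotal are reported in kB.
    total_kb=$(awk '/^(MemTotal|SwapTotal):/ { sum += $2 }
                    END { printf "%.0f\n", sum }')
    by_mem=$(( total_kb / 1572864 ))      # 1.5 GB expressed in kB
    jobs=$cpus
    if [ "$by_mem" -lt "$jobs" ]; then jobs=$by_mem; fi
    if [ "$jobs" -lt 1 ]; then jobs=1; fi
    echo "$jobs"
}

# Constructed sample modelled on the failure the warning reports:
# 24 cores, 32 GB of memory, no swap. ninja's default would be 24 + 2 jobs.
sample_jobs=$(ninja_jobs_for 24 <<'EOF'
MemTotal:       33554432 kB
MemFree:         1048576 kB
SwapTotal:             0 kB
EOF
)
echo "24 cores / 32 GB sample: ninja -j$sample_jobs"

# On a real build host: nproc reports the CPUs available to this process,
# so it follows a taskset restriction that ninja's own default ignores.
if [ -r /proc/meminfo ] && command -v nproc >/dev/null 2>&1; then
    echo "this host: ninja -j$(ninja_jobs_for "$(nproc)" < /proc/meminfo)"
fi
```

Pass the result as `ninja -jN`, or export it as NINJAJOBS if system ninja was patched as the page describes.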
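
A check for the rule in the Kernel Configuration section (if User namespace is enabled, PID namespace must also be enabled), useful when a browser dies with 'Trace/breakpoint trap'. This is an added example, not part of the BLFS source: `CONFIG_USER_NS` and `CONFIG_PID_NS` are the mainline kernel symbols rather than names taken from the page (its option list is in qtwebengine-kernel.xml, not shown here), and the function names and config locations are assumptions.

```shell
#!/bin/sh
# Added example: test a kernel .config against the page's namespace rule.
# Not part of the BLFS file.

# check_ns_config  (reads a kernel .config on stdin)
# Prints one verdict line. Returns 1 only for USER_NS=y without PID_NS=y.
check_ns_config() {
    awk '
        /^CONFIG_USER_NS=y$/ { user = 1 }
        /^CONFIG_PID_NS=y$/  { pid = 1 }
        END {
            if (user && !pid) {
                print "FAIL: CONFIG_USER_NS=y but CONFIG_PID_NS is not enabled"
                exit 1
            }
            if (user) {
                print "OK: CONFIG_USER_NS and CONFIG_PID_NS are both enabled"
                exit 0
            }
            print "OK: CONFIG_USER_NS is off, CONFIG_PID_NS is not required"
        }'
}

# Emit the running kernel's config. /proc/config.gz exists only when the
# kernel was built with CONFIG_IKCONFIG_PROC; /boot/config-<release> is a
# common convention, assumed here.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Constructed sample: the combination the page says must be corrected.
printf '%s\n' 'CONFIG_NAMESPACES=y' 'CONFIG_USER_NS=y' \
    '# CONFIG_PID_NS is not set' | check_ns_config || true

# Real host, only if a config can be found.
if cfg=$(running_kernel_config 2>/dev/null); then
    printf '%s\n' "$cfg" | check_ns_config || true
fi
```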